SNMP - Firewalls

This is a discussion on SNMP - Firewalls ; Hi all. I try read many about this protocol, but i've one simple question for all the expert that desire help me: What do you think about the use of SNMP protocol in READONLY MODE for monitor distributed geographic network ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: SNMP

  1. SNMP

    Hi all.
    I try read many about this protocol, but i've one simple question for
    all the expert that desire help me:
    What do you think about the use of SNMP protocol in READONLY MODE for
    monitor distributed geographic network with one single point (Zenoss
    box, in this case).
    I mean, is really so bad for security, in your experience, have
    packets that go around the network that give me the state of the
    machine that i monitor?
    Thank all,
    bye,
    Mauro.

  2. Re: SNMP

    Mauroreggio@gmail.com writes:

    > Hi all.
    > I try read many about this protocol, but i've one simple question for
    > all the expert that desire help me:
    > What do you think about the use of SNMP protocol in READONLY MODE for
    > monitor distributed geographic network with one single point (Zenoss
    > box, in this case).
    > I mean, is really so bad for security, in your experience, have
    > packets that go around the network that give me the state of the
    > machine that i monitor?


    There are a couple of concerns. One is that SNMP mibs can reveal an
    awful lot of information about the internal network that might not
    otherwise be available. Are you comfortable with giving attackers
    that information?

    Also, suppose there is something allowing read/write mode to that
    snmpd... its password goes across in the clear.

    Are you logging or acting on brute force attacks against the daemon?

    Are you willing to trust that the daemon on that box won't end up
    having some sort of vulnerbaility for which an exploit could be
    developed leading to the root compromise of the device?

    If you can get comfortable on those fronts, then it's acceptable
    risk... but generally speaking, it's a bad idea to allow snmp from
    unauthenticated anonymous internet hosts.


    --
    Todd H.
    http://www.toddh.net/

+ Reply to Thread